Should President Trump pardon Michael Flynn?

Story TOpics

Pornhub and YouPorn have been caught serving up more than just X-rated content — cybercriminals have managed to sneak malware into online ads that were delivered to visitors of two of the world’s most popular adult websites.

MindGeek, the Canadian tech company that operates the sites, admitted this week to having been affected by an increasingly common type of attack that’s become known as “malvertising.”

Ads supplied to a third-party service contracted by the company were discovered to contain malicious code, and individuals browsing either porn site without protection risked installing software that opens computers up for hackers.

The presence of the malvertising was first noted publicly on Sept. 19 by malekal, a Twitter user, and was reviewed over the weekend by the security firm Malwarebytes. On Monday, MindGeek said the problem had been resolved.

“Providing an optimal and secure customer experience is of topmost priority for Pornhub, and our organization has taken the necessary steps to protect our customer’s enjoyment without the threat of infection,” MindGeek said in a statement to Malwarebytes.

“As far as the major portals we reported on are concerned, the attacks were blocked fairly quickly which is a good thing for end users. The publishers themselves took proactive measures right away by completely stopping the ads from one their suppliers until the solution was fully resolved,” Jerome Segura, a senior researcher with the firm, told The Washington Times.

YouPorn is ranked the second-most popular adult portal on the web, according to records maintained by Alexa, the global analytics site. Combined with YouPorn, statistics from SimilarWeb suggest the two sites receive roughly 800 million visitors per month. According to Mr. Segura, however, the latest attack may not have been targeted, but instead affected all customers of the advertising network, ExoClick.

“As with a lot of malvertising incidents, these attacks can be hard to identify as ‘isolated’ events or an actual prolonged campaign. The latter is of course the most damaging one because it shows a concerted effort from criminals to affect as many publishers as possible and go unnoticed for as long as they can,” he told The Washington Times.

Malvertising is on the way towards becoming the most popular attack method among cybercriminals, according to a report released last month by Cyphort, a California-based security company. The firm reported a 325 percent increase in “malvertising” last year, and websites ranging from YouTube to the Huffington Post have been caught pushing malicious adverts in recent months.

“As threat actors are getting smarter and smarter, it is imperative to find out the original entry point or weakness that allowed a malvertising incident from happening. We have seen many cases in the past where an ad network will give us the green light and yet hours later the problem will reappear,” Mr. Segura said.